Potential cloud users should ignore Patriot Act "scare stories": IDC
Organisations interested in adopting cloud computing should not be scared off by reports that shifting their data offshore will expose them to prying by the US government's Patriot Act legislation, an analyst has advised, arguing that data in US data centres is better protected than that stored in notoriously privacy-sensitive European jurisdictions.
"Scare stories over the Patriot Act abound, but they are fallactious," IDC research manager for European public cloud services David Bradshaw warned on the release of a new IDC research study, entitled Government Access to Cloud Data: Impact on Users, Vendors, and Markets.
"The Patriot Act is nothing special," he continued. "Indeed data stored in the US is generally better protected than in most European countries, in particular the UK. Most large organisations will already be using services, such as outsourcing, where their data is stored on a service vendor's system."
Noting that most countries have special-powers legislation that gives them access to data stored anywhere in their jurisdiction, Bradshaw said the real issue is "ensuring these powers are used only when absolutely necessary."
Access under the Patriot Act, for example, requires a court order, he pointed out, and this is only typically granted in "truly exceptional circumstances such as imminent danger or loss of life".
This advice runs contrary to that given to Australian government organisations, which have been wary of data sovereignty issues that have, in some cases, kept them from adopting cloud solutions in which their data may be hosted overseas.
This includes platform as a service (PaaS) offerings such as Microsoft Azure and Adobe Elastic Cloud 2 (EC2), which has been popular for use on an ad hoc basis by developers, organisations requiring burst excess Web hosting capacity, or government organisations posting large volumes of public data online.
General concern over the true react of the Patriot Act has fuelled significant investment in Australian-sited facilities. Local identity was a major selling point of the recent Data Centre as a Service (DCaaS) Multi Use List released last week, with vendors like UltraServe hoping to boost their cloud credentials with the key government sector by offering onshore hosting and cloud services.
For its part, IBM has just announced the Australian debut of its SmartCloud Enterprise (SCE+) infrastructure-as-a-service (IaaS) service, which is now hosted from a server in Sydney – a move that the company expects will increase its appeal with sovereignty-aware government departments. Ditto Objective Corporation, which launched a secure file-sharing platform, Objective Connect, that it's positioning as a government-friendly alternative to the popular Dropbox.
Ultimately, Bradshaw advised, the major consideration for most organisations is not where the data is stored but what benefits it can deliver for the organisation.
"For smaller organisations, cloud services should primarily be evaluated on the business value they bring to you," he said. "Data location is a far smaller consideration, and should not be a big concern for the vast majority of users."
The stories of limited access, substandard care and systemic problems in Australia's...
Public sector IT association Socitm has published a guide full of advice for CIOs on procuring...
Cloud-based centres can facilitate better training and guidance for employees, improve caller...